- This topic has 71 replies, 53 voices, and was last updated 13 years ago by 16stonepig.
-
No CRC security issues?
-
NewRetroTomFull Member
Looking at the other thread it seems that a lot of people on the forum have had their credit card details used for fraudulent transactions recently.
I know a lot of people on the forum also use Chain Reaction Cycles.
I don’t believe that there is any connection between these two facts.
Please would everyone who has bought items from CRC in the last month and has not had any fraudulent activity on their card since post here.
I used CRC last week and there hasn’t been any fraud on my card.
clubberFree MemberToo many common fraud occurrences to be coincidence IMO.
Not me though – I use paypal.
SqwubbsyFree MemberI used CRC about 2 weeks ago and checked my account the other day when the other thread popped up. No fraudulent transactions on my card.
CosstickFree MemberUsed on sunday and no fraud, but also no parcel !
What happened to their great service ?
crispedwheelFree MemberToo many incidents to be a coincidence IMO also.
Also, it’s not just this thread/forum is it? Isn’t there a similar thread on bike radar?DavidFeltFree MemberUsed them on Saturday, no parcel yet, but no fraud either (been checking it religiously out of paranoia)!
Fingers crossed I’m one of the lucky ones!
kimbersFull Memberi used them last week but paypal so im safe(hopefully)
frankly im amazed so many people still enter their cc details every time they order, not only is it easier to be scammed but its hassle too!
PJayFree MemberNo fraud on my account, I’ve used them a fair bit recently but always with PayPal. Didn’t Wiggle have a similar problem a while back, one of the first things they seemed to do in response was to set up PayPal checkouts? I tend to use PayPal wherever I can now. I shall be keeping an eye on both my bank account and PayPal account though, just to be sure.
I’m not sure I’d agree that there’s no CRC connection though, like others have suggested, there seem far too many problems for it just to be coincidence.
NorthwindFull MemberThere’s been people who’ve had fraud on their account straight after a CRC transaction, with accounts that barely get used and for a couple of folks for accounts that haven’t been used for anything else (apparently, usual internet disclaimers aside). That’s pretty conclusive.
It should only amount to inconvenience for people though, credit card protection is pretty good.
iain1775Free MemberYeah it’s not just here but bikeradar pink bike and others prob well in excess of 100 people now? That’s too big a coincidence to be no connection shame because I need a load of bits but not risking it at the mo even with paypal
4ndyBFree MemberThread on Bikeradar has a fella claiming he has spoken to CRC & they are aware of the security issue…
Just spoke to chainreaction. They are aware of the situation and their security team are aware of the situation. Chainreaction does look like the platform for which the details have been stolen. I urge anyway who has used chainreaction to check their account or contact their bank immediatly.
neninjaFree MemberThere are apparently people on other forums who used new cards for the first time with CRC who it’s happened to.
Can’t be coincidence
MarkFull MemberHere’s some stats I’d like to see…
How many people have used CRC in the last month and how many have experienced card fraud?
The other thread contains 111 individual people’s posts. Not all reported fraud. So lets say that 80 people have reported fraud on their accounts.
The issue you have to bear in mind is how many of us on here will have used CRC in the last month. Considering that in the last month over 470,000 people have been to this website. This being a mountain biking website it’s highly likely that many tens of thousands of those visitors have used the services of CRC in that time since CRC are the single biggest online retailer of cycling accessories. So far we can say that around 80 people from that group of thousands have experienced fraudulent activities on their accounts. If say (and this is a total guesstimate) 10,000 people have visited this site who have shopped at CRC (2% of site visitors) then 80 reports equates to 0.8%. I’m inclined to think that in the last month many more than 2% of our visitors have shopped at CRC and so that 0.8% to my mind could be a lot smaller.
However, you spin these numbers, so far based on the very anecdotal evidence of people posting on a cycling forum, it’s a very small proportion of users who have had any issues with payments.
So far all we have is a small fraction of users of this forum stating that they have experienced two things – shopping at CRC (which is not surprising since this is a bike site) and card fraud. Naturally with each person reporting that they two have shopped at CRC AND experienced some kind of card fraud this appears at first glance to add weight to their suspicions. Whether there is a link between the two is questionable in light of such a tiny sample of data.
http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc
A happened before B and therefore A CAUSED B
But then I spend a large proportion of my day looking at numbers and finding trends – That doesn’t mean I’m not wrong. But it does make me very wary of drawing conclusions based on what at first glance looks like evidence.
andylFree MemberI noticed that Rosebikes have the option to pay via bank transfer which I thought was quite good. That way you only have to enter details in your online banking. If in Germany i guess you could even pop into the bank and pay.
psychleFree MemberGood post Mr Grumpy… love a bit of statistical explanationing 🙂
mikewsmithFree MemberCheers Mark, bit late though I’m sure I saw a rush on Pitch Forks and Ferry tickets!!
PJayFree Member470,000 have been to the website in the last month? I doubt it personally, 470,000 visits maybe but they’re not all going to be unique (I’m on here every day for a start); how many registered users are there on Singletrack? The fact that other people on other forums appear to have reached the same conclusion, apparently independantly, seems telling too.
It seems a significant number of problems to at least make you think about it carefully.
TuckerUKFree MemberWhat an excellent intelligently though out thread. We could start another one asking how many people have driven over the limit without any negative effects, conclusively proving no link between drink driving and accidents.
TrimixFree MemberMark, your stats dont disprove that there may be risk using CRC.
Even one suspected act of card fraud is enough reason for people to wake up to security, check their cards and use safer methods of buying.
+1TuckerUK
DickBartonFull MemberIt doesn’t matter how many folk have been hit. The fact it is happening should get people in caution mode. Instead we see a post from the web people who are sponsored by the shop with the apparent problem telling us it isn’t really a big issue…
What am I missing???
It is a problem and it needs resolved. As much as it is 80 people here, that adds up to a fair amount of cash for a shop. If they go elsewhere then it is a loss and likely to get felt somewhere along the line…
crackheadFree Member470,000 people visited Singletrack website?
I suggest you have a holiday away from your numbers…you are hallucinating my friend!nicknameFree MemberI used it last week, and so far no fraud.
Wasn’t part of it todo with using a voucher code (which I didn’t)?
Tom83Full Member@Nickname – Took about a week and a half for my card to be used. I imagine they’re working they’re way through all the cards they’ve swiped. The feckers.
4ndyBFree MemberCRC have replied on the other thread
Hi everyone,
Apologies for the delay in responding to the concerns you have expressed. We do take your comments very seriously and we understand the worry and frustration caused by credit card fraud. We would emphasise that the number of concerns brought to our attention is a tiny fraction of the number of transactions that we process on a daily basis, but no stone will be left unturned in our investigations.
Our own infrastructure is routinely and independently tested and we are confident that it is robust. We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC.
We will update you with further information as and when we have it. In the meantime, if you are a customer of CRC and have been recently affected by any of the matters discussed, please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.
The CRC Team
MarkFull MemberThose 470k visitors are verifiable and from google analytics. To be clear that’s 470,000 VISITORS! Visits is a much larger number.. as is the 7.5 million pages we deliver every month.
Here’s the actual numbers straight from todays Analytics report…
7.74 million page views in the last 30 days
1.3 million visits
476,286 visitorsIn January we delivered 40 million ad impressions.
On monday this week this site logged just short of 47k visits by 31,145 unique visitors. BTW that makes this monday the busiest day on our site in our ten year history.
Anyone who would like to see our actual reports live then I’m happy to show them via our analytics account if they want to call in at the office 🙂
These are huge numbers. But they are dwarfed by CRCs traffic figures. I don’t think many people realise just how many transactions CRC deal with as a result of the enormous traffic figures their site gets.
tonFull Memberplaced 4 orders on sunday
1 arrived yesterday 3 arrived today.
no problem with crc ever, either with c/card or paypal.dirtbiker100Free MemberDid you all take advantage of the £10 money off voucher? That’s where I think things happened.
NewRetroTomFull MemberGood post from Mark, and good to see a response from CRC too.
TuckerUK – Member
What an excellent intelligently though out thread. We could start another one asking how many people have driven over the limit without any negative effects, conclusively proving no link between drink driving and accidents.Err no. The other thread is trying to prove a link between the two based on circumstancial evidence. This thread is trying to point out the flawed logic in trying to establish such a link using forum chatter.
To those who say “use safer methods of buying” as far as I’m concerned credit card is completely safe. If my card gets scammed I call the issuer and they refund it. I have two cards so that the inconvenience of the card being cancelled is cut out. Having said this only two cards of mine have been cancelled for fraud in 12 years, and I use them both loads all over the place.
chewkwFree MemberTwo possibilities …
1. Security breached at retailer.
2. Individual PC infected due to visiting pnro sites.
mikewsmithFree MemberTook about a week and a half for my card to be used. I imagine they’re working they’re way through all the cards they’ve swiped. The feckers
Generally Cards are sold by the 1000’s to organised criminals, lots seem to wait a few months so that the source of the detail theft cant be traced easily (so I read) which makes a lot of sense – like most things no point shutting off the supply
StoatsbrotherFree MemberMark That’s ip addresses isn’t it rather than actual people? Still pretty good. I access the site and forum by 5-6 different i/p addresses on average in a given week. And of course some people may be on dynamically allocated addresses – so whilst the numbers look good to advertisers – the idea that 1% of the total UK adult population visit this site in a given month stretches credulity a bit…
As too, sadly does your attempt to talk down what looks like a very clear security issue – which relates to a particular discount voucher issue many of us received (and I didn’t use) and which has led to a particular pattern of card fraud even in people with very low card usage. I have not been stung btw, just checked my card.
Certainly there is no proof yet – but there is a slightly suggestive pattern. And your statement that it is a relatively low number of people who have been scammed is based on the assumptions that a) they have discovered it yet, b) they’d post about it on this or another forum.
A cynic would ask if you felt it necessary to talk down an advertisers security issue. I am sure this is not the case.
StoatsbrotherFree Memberjust wait…. 😉
actually no one has suggested that everyone who used it has been screwed. It will be very interesting to see what the final analysis is. But CC fraud is (news said today) decreasing if anything and this is an interesting cluster…
CheeksFree MemberLLoyds fraud department called me today to inform me that they had blocked a possible attempt by “global telecoms” to debit £462 from my account.
They mentioned CRC to me as a possible source, not the otherway round. I dismissed it to them, not believing it could be their site as have been using them for years with no problems. Id used them last week.
Got home stuck some coal in the pewder and fired up the forum and was suprised to find it has happened to loads of others. Yeah massive coincidence.druidhFree MemberOk – here’s an idea for another thread.
Hands up if you’ve had a fraudulent transaction in the last two weeks – AND YOU NEVER USE CRC?
ir_banditoFree MemberI used them a couple of weeks ago. But because of the other thread I thought I should check the credit card statement. Which my wife saw.
No fraud, but I’m now in trouble for spending too much money on toys. Damn!MarkFull MemberStoats…
IP addresses… yes, it’s IP addresses but if you are going to count the dynamics then you also need to consider those accessing through a network – at work say – where only one IP will be assigned to many. Yes, IP addresses are NOT actual people but it’s the best measure that any website has got right now it’s a generally accurate measure – and via Google analytics at least the ruler is the same for almost everyone now.
It’s also not 1% of the UK as we are a VERY global website and our traffic sources are very wide and varied.
And I’m not talking down the issue, just trying to add a little rationality to what is at this point in time just hearsay and anectodes and if you consider a relatively small number (it looks a lot but in relation to the sheer staggering number of transactions that go through CRC every day) is a ‘clear security ‘ issue then I’m rather glad you are not a detective or a judge.. You aren’t are you?
As for the cynic comment that’s just nonsense. You say you are sure that’s not the case but you couldn;t help bringing it up. Answer me this.. is my argument irrational or logical? And I’ll further remind you that I’ve not said there isn’t an issue with CRC but merely that adding up anecdotal comments on a forum is not the best evidence to hang a judgement on.
There’s already almost a consensus that this issue is directly linked to the voucher use and yet reading back through the comments there are several posters who point out that they have lost money and yet have NOT used the vouchers. This kind of suggests that the voucher issue is a red herring, and yet human judgement being what it is (naturally irrational) many people have blocked that out and the opinion that this is linked to vouchers has prevailed.
I’m simply suggesting that keeping calm, cautious and looking at the evidence with care and rational thinking is much more likely to lead us to the source of these fraudulent transactions than simply adding up posts on a forum. Who knows.. maybe there will turn out to be a problem with CRC but it’s surely a little early to be sharpening pitchforks.
theotherjonvFull Memberjust found this thread and also read the other one that this is a response to.
I ordered some stuff from CRC that was out of stock a few weeks back as price was good and I was prepared to wait for it to come in. It came in last week and the card was duly charged, and goods have been received.
I was called yesterday by my bank querying 3×20 quid top ups for Vodafone. They also specifically asked me to confirm a CRC transaction.
How does that work then, if companies can’t store CC details; I put mine in several weeks ago but they weren’t used until the goods were ready to be shipped? Where were they stored in the meantime?
That also to me suggests it’s not keystroke logging or the like, seeing as if that was the case then the details would have been ready for use shortly after order was placed, whereas they only got used after the CRC transaction a while later.
If it looks like a duck, walks like a duck, and quacks like a duck, chances are it’s a duck.
The topic ‘No CRC security issues?’ is closed to new replies.